BleepingComputer.com: FWX.EXE VIRUS??

Hi

I am new to these forums and would really appreciate your help.
I have AVAST free antivirus on my laptop
It runs 64 bit windows 7

i keep getting popups from avast saying it has blocked a malicious website
and mentions the following

object: 83.222.232.218/gr_uk/go.php?s=62
(this is different each time.)

infection: URL:Mal
Action: blocked
Process; C:\Users\Celia\Appdata\Local\temp\fwx.exe

i have tried to delete this file, but it says i can't as it is in use.
i also tried to restore my system to an earlier time, but it said it could not.
in first looking to restore my system the laptop said restore was turned off.
i checked performance issues to bring up what starts on start up and there
is a file in there

W5E7SH31DG
Command C\users\celia\appdata\local\temp\fwx.exe
location: HCKU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
I deselect this so that it does not run on start up and restart
my laptop but it is always there again, as if i had not done anything to it.



i am not up with the technical part of a laptop and would really appreciate any help with this.

The Avast popups are very regular

--------------

I have followed instructions for dds files here:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Celia at 17:03:27.44 on 13/04/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4061.2571 [GMT 1:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Celia\AppData\Local\Temp\Fwx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Windows\SysWOW64\bgsvcgen.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Kontiki\KService.exe
C:\Windows\system32\nlsInterface.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AquaSnap\AquaSnap.Daemon.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\AquaSnap\AquaSnap.Daemon.x64.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\EfficientPIM\EfficientPIM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Celia\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
uURLSearchHooks: Messenger Plus Live UK Toolbar: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll
uURLSearchHooks: H - No File
mURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
mURLSearchHooks: Messenger Plus Live UK Toolbar: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
BHO: SWWBHO: {6bfbc258-01ec-4d21-9e73-085e2f73efdd} - C:\Program Files (x86)\Cashback Alerter\CA.dll
BHO: Messenger Plus Live UK Toolbar: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
TB: Messenger Plus Live UK Toolbar: {77f40091-495b-4c46-9068-2b24c4133157} - C:\Program Files (x86)\Messenger_Plus_Live_UK\tbMess.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [<NO NAME>]
uRun: [AquaSnap] C:\Program Files (x86)\AquaSnap\AquaSnap.Daemon.exe
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [W5E7SH31DG] C:\Users\Celia\AppData\Local\Temp\Fwx.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [<NO NAME>]
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EfficientPIM]
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Celia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFFICI~1.LNK - C:\Program Files (x86)\EfficientPIM\EfficientPIM.exe
StartupFolder: C:\Users\Celia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\Users\Celia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
StartupFolder: C:\Users\Celia\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WKCALREM.LNK - C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Celia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Celia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Text%20Twist/Images/stg_drm.ocx
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.tescophoto.com/wpp/tesco/app/ImageUploader5.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://skygamesonlinegs.oberon-media.com/gameshell/games/channel--110425197/lc--en/room--179257dc-e0e7-4765-9170-a6b0ad86504e/online/dream_chronicles/en/dreamweb.1.0.0.9.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://skygamesonlinegs.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://skygamesonlinegs.oberon-media.com/gameshell/games/channel--110425197/lc--en/room--e2f2d7b5-54b0-427d-908e-59209fab0fc6/online/bonnies_bookstore/en/popcaploader_v10.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No File
TB-X64: {77F40091-495B-4C46-9068-2B24C4133157} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\0ae690fl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\0ae690fl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Celia\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-23 53488]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-9 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-4-9 280408]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/10 18:42:13];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-11-10 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-11-10 89600]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 ASTSRV;AST HighEnd Service;C:\Windows\system32\ASTSRV.EXE --> C:\Windows\system32\ASTSRV.EXE [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-4-9 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-4-9 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-4-9 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 nlsInterface;Nalpeiron Licensing Service 64-bit;C:\Windows\System32\nlsInterface.exe [2010-2-20 72192]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\system32\nlssrv32.exe --> C:\Windows\system32\nlssrv32.exe [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-9-23 648432]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-9-23 36392]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-9-23 172704]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\System32\drivers\OA008Ufd.sys [2009-3-6 159840]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\System32\drivers\OA008Vid.sys [2009-5-6 313696]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-8-5 284016]
S2 RelevantKnowledge;RelevantKnowledge;C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service --> C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-14 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-6 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-25 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-04-13 08:00:38 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-04-13 07:33:15 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-13 07:33:15 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-13 07:33:12 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-04-13 07:33:04 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-04-13 07:33:04 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-04-13 07:33:03 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-04-13 07:33:03 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-04-13 07:33:00 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-12 20:38:24 123392 --sha-r- C:\Windows\SysWow64\msxml3av.dll
2011-04-12 19:18:25 -------- d-----w- C:\Users\Celia\AppData\Roaming\XWindows Dock
2011-04-12 19:18:19 -------- d-----w- C:\Program Files (x86)\XWindows Dock
2011-04-12 07:31:56 -------- d-----w- C:\Users\Celia\AppData\Roaming\App Launcher Gadget
2011-04-11 12:40:52 -------- d-----w- C:\Users\Celia\AppData\Local\DVDVideoSoft_Ltd
2011-04-09 20:56:54 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-04-09 20:56:52 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-04-09 20:55:59 40648 ----a-w- C:\Windows\avastSS.scr
2011-04-09 20:55:52 -------- d-----w- C:\Program Files\AVAST Software
2011-04-09 20:55:52 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-04-09 12:39:40 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B4FF703C-418F-4A19-9808-C3D2C475E76B}\mpengine.dll
2011-04-03 19:23:37 -------- d-----w- C:\Users\Celia\AppData\Local\Conduit
2011-03-31 05:03:16 2594584 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-6\markup.dll
2011-03-27 19:51:04 -------- d-----w- C:\Program Files (x86)\EfficientPIM
2011-03-27 19:35:48 -------- d-----w- C:\Users\Celia\AppData\Roaming\EfficientPIM
2011-03-23 20:13:03 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 20:13:02 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 20:13:02 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 20:13:02 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 20:13:02 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 20:13:02 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 20:13:02 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 20:13:02 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-18 22:23:27 -------- d-----w- C:\Users\Celia\AppData\Local\Cooliris
.
==================== Find3M ====================
.
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-05 12:41:43 556928 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 12:41:35 640896 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 12:41:24 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 12:41:24 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 12:41:23 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 12:39:21 603976 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 12:39:21 518160 ----a-w- C:\Windows\System32\winresume.exe
2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-02 18:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-02-01 15:34:32 2828 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2011-02-01 06:52:35 1812 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2003-01-31 03:43:19 6065152 ----a-w- C:\Program Files\Mystical.exe
2003-01-30 18:20:26 1396736 ----a-w- C:\Program Files\Mystical_PlugIn.8bf
.
============= FINISH: 17:08:17.23 ===============

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

• Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  
  
  
• Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  
  
  
• Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

hi

thx for replying

since first posting i ran malwarebytes again which updated first and has got rid of the file, and laptop seems fine apart from:

windows security centre will not work, it says it cannot be started.

i don't know if this problem is related or not, and i don't know if my laptop is infected.


i understand this is a bit different now from my post, and will fully understand if you are not wanting to help, but would
really appreciate it if you would.

thx in hoping

regards

Yes, 'course I can still help.

Can I see the MBAM log showing what it removed the last time

Also can you run TDSSKiller

• Download TDSSKiller and save it to your Desktop.
  
  
  
• Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  
  
  
• Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.
  
  "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt
  
  
  
• Now click Start Scan.
  
  
• If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  
  
• Click Close
  
  
• Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Thank you

malwarebytes:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6358

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

14/04/2011 06:24:14
mbam-log-2011-04-14 (06-24-14).txt

Scan type: Quick scan
Objects scanned: 192629
Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\W5E7SH31DG (Trojan.FakeAlert.SA) -> Value: W5E7SH31DG -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

---------------
2011/04/24 07:54:16.0917 3128 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/24 07:54:17.0149 3128 ================================================================================
2011/04/24 07:54:17.0149 3128 SystemInfo:
2011/04/24 07:54:17.0149 3128
2011/04/24 07:54:17.0149 3128 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/24 07:54:17.0149 3128 Product type: Workstation
2011/04/24 07:54:17.0149 3128 ComputerName: CELIA-PC
2011/04/24 07:54:17.0149 3128 UserName: Celia
2011/04/24 07:54:17.0149 3128 Windows directory: C:\Windows
2011/04/24 07:54:17.0149 3128 System windows directory: C:\Windows
2011/04/24 07:54:17.0149 3128 Running under WOW64
2011/04/24 07:54:17.0150 3128 Processor architecture: Intel x64
2011/04/24 07:54:17.0150 3128 Number of processors: 2
2011/04/24 07:54:17.0150 3128 Page size: 0x1000
2011/04/24 07:54:17.0150 3128 Boot type: Normal boot
2011/04/24 07:54:17.0150 3128 ================================================================================
2011/04/24 07:54:17.0432 3128 Initialize success
2011/04/24 07:54:19.0788 5188 ================================================================================
2011/04/24 07:54:19.0788 5188 Scan started
2011/04/24 07:54:19.0788 5188 Mode: Manual;
2011/04/24 07:54:19.0788 5188 ================================================================================
2011/04/24 07:54:20.0744 5188 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/04/24 07:54:20.0825 5188 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/04/24 07:54:20.0854 5188 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/04/24 07:54:20.0911 5188 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/04/24 07:54:21.0012 5188 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/24 07:54:21.0077 5188 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/24 07:54:21.0111 5188 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/24 07:54:21.0204 5188 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/04/24 07:54:21.0253 5188 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/04/24 07:54:21.0330 5188 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/04/24 07:54:21.0371 5188 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/04/24 07:54:21.0498 5188 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/24 07:54:21.0522 5188 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/24 07:54:21.0575 5188 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/04/24 07:54:21.0613 5188 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/24 07:54:21.0641 5188 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/04/24 07:54:21.0694 5188 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/04/24 07:54:21.0758 5188 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/24 07:54:21.0789 5188 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/24 07:54:21.0884 5188 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/24 07:54:21.0935 5188 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/24 07:54:21.0973 5188 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
2011/04/24 07:54:22.0005 5188 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
2011/04/24 07:54:22.0038 5188 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
2011/04/24 07:54:22.0080 5188 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
2011/04/24 07:54:22.0123 5188 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/24 07:54:22.0157 5188 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/04/24 07:54:22.0343 5188 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/24 07:54:22.0663 5188 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/24 07:54:22.0759 5188 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/24 07:54:22.0801 5188 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/24 07:54:22.0856 5188 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/24 07:54:22.0899 5188 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/24 07:54:22.0938 5188 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/24 07:54:22.0965 5188 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/24 07:54:23.0007 5188 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/24 07:54:23.0052 5188 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/24 07:54:23.0080 5188 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/24 07:54:23.0118 5188 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/24 07:54:23.0194 5188 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/04/24 07:54:23.0220 5188 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/24 07:54:23.0274 5188 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/24 07:54:23.0308 5188 BTHPORT (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\system32\Drivers\BTHport.sys
2011/04/24 07:54:23.0373 5188 BTHUSB (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/24 07:54:23.0427 5188 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
2011/04/24 07:54:23.0486 5188 btwaudio (e2677b9234e4c31055b940b70536d377) C:\Windows\system32\drivers\btwaudio.sys
2011/04/24 07:54:23.0544 5188 btwavdt (e59a0c091ae64063b53b9ac1294a3679) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/04/24 07:54:23.0592 5188 btwl2cap (d33875ca5940f2e0ed06fb74d556e2db) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/04/24 07:54:23.0633 5188 btwrchid (a465b855cef659655de80d012c2de761) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/24 07:54:23.0673 5188 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/24 07:54:23.0713 5188 cdrbsdrv (9edd76d0800a022ae10b9243d0224e72) C:\Windows\system32\drivers\cdrbsdrv.sys
2011/04/24 07:54:23.0774 5188 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/04/24 07:54:23.0821 5188 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/24 07:54:23.0873 5188 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/24 07:54:23.0932 5188 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/24 07:54:23.0976 5188 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/04/24 07:54:24.0023 5188 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/04/24 07:54:24.0062 5188 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/24 07:54:24.0107 5188 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/04/24 07:54:24.0152 5188 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/24 07:54:24.0203 5188 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2011/04/24 07:54:24.0272 5188 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/04/24 07:54:24.0320 5188 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/24 07:54:24.0367 5188 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/24 07:54:24.0505 5188 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/24 07:54:24.0650 5188 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/24 07:54:24.0785 5188 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/24 07:54:24.0946 5188 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/24 07:54:24.0997 5188 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/04/24 07:54:25.0054 5188 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/24 07:54:25.0088 5188 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/24 07:54:25.0130 5188 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/24 07:54:25.0166 5188 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/24 07:54:25.0197 5188 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/24 07:54:25.0265 5188 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/24 07:54:25.0330 5188 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/04/24 07:54:25.0365 5188 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/24 07:54:25.0416 5188 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/24 07:54:25.0458 5188 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/24 07:54:25.0510 5188 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/24 07:54:25.0554 5188 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/24 07:54:25.0603 5188 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/24 07:54:25.0648 5188 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/24 07:54:25.0692 5188 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/04/24 07:54:25.0739 5188 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/04/24 07:54:25.0762 5188 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/24 07:54:25.0814 5188 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/24 07:54:25.0841 5188 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/24 07:54:25.0903 5188 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/24 07:54:25.0967 5188 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/04/24 07:54:26.0028 5188 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/04/24 07:54:26.0088 5188 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/24 07:54:26.0142 5188 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/04/24 07:54:26.0196 5188 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/04/24 07:54:26.0291 5188 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/24 07:54:26.0334 5188 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/04/24 07:54:26.0371 5188 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/24 07:54:26.0513 5188 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/24 07:54:26.0559 5188 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/04/24 07:54:26.0596 5188 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/24 07:54:26.0657 5188 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/24 07:54:26.0686 5188 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/04/24 07:54:26.0730 5188 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/04/24 07:54:26.0790 5188 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/04/24 07:54:26.0834 5188 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/04/24 07:54:26.0881 5188 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/04/24 07:54:26.0953 5188 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/24 07:54:26.0996 5188 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/24 07:54:27.0044 5188 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/24 07:54:27.0136 5188 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/04/24 07:54:27.0192 5188 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/24 07:54:27.0226 5188 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/04/24 07:54:27.0280 5188 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/24 07:54:27.0319 5188 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/24 07:54:27.0358 5188 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/24 07:54:27.0395 5188 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/24 07:54:27.0426 5188 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/24 07:54:27.0533 5188 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/24 07:54:27.0566 5188 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/24 07:54:27.0613 5188 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/24 07:54:27.0654 5188 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/24 07:54:27.0709 5188 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/04/24 07:54:27.0740 5188 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/24 07:54:27.0783 5188 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/04/24 07:54:27.0875 5188 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/24 07:54:27.0917 5188 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/04/24 07:54:27.0963 5188 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/24 07:54:28.0010 5188 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/24 07:54:28.0062 5188 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/04/24 07:54:28.0103 5188 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/24 07:54:28.0149 5188 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/24 07:54:28.0184 5188 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/24 07:54:28.0225 5188 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/04/24 07:54:28.0266 5188 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/04/24 07:54:28.0320 5188 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/24 07:54:28.0354 5188 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/24 07:54:28.0391 5188 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/04/24 07:54:28.0439 5188 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/24 07:54:28.0494 5188 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/24 07:54:28.0521 5188 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/24 07:54:28.0567 5188 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/04/24 07:54:28.0607 5188 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/04/24 07:54:28.0644 5188 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/24 07:54:28.0667 5188 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/24 07:54:28.0707 5188 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/24 07:54:28.0749 5188 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/24 07:54:28.0827 5188 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/04/24 07:54:28.0872 5188 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/24 07:54:28.0907 5188 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/24 07:54:28.0943 5188 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/24 07:54:28.0981 5188 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/24 07:54:29.0039 5188 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/04/24 07:54:29.0084 5188 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/24 07:54:29.0142 5188 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/24 07:54:29.0414 5188 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/04/24 07:54:30.0026 5188 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/24 07:54:30.0115 5188 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/24 07:54:30.0264 5188 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/24 07:54:30.0322 5188 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/24 07:54:30.0423 5188 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/04/24 07:54:30.0507 5188 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/24 07:54:30.0543 5188 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/04/24 07:54:30.0570 5188 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/04/24 07:54:30.0616 5188 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/04/24 07:54:30.0665 5188 OA008Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA008Ufd.sys
2011/04/24 07:54:30.0700 5188 OA008Vid (126885007e8f601861165fc77c93f1be) C:\Windows\system32\DRIVERS\OA008Vid.sys
2011/04/24 07:54:30.0734 5188 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/04/24 07:54:30.0824 5188 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/24 07:54:30.0877 5188 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/04/24 07:54:30.0923 5188 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
2011/04/24 07:54:30.0963 5188 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/04/24 07:54:30.0990 5188 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/04/24 07:54:31.0037 5188 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/24 07:54:31.0075 5188 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/24 07:54:31.0121 5188 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/24 07:54:31.0299 5188 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/24 07:54:31.0329 5188 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/24 07:54:31.0415 5188 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/24 07:54:31.0514 5188 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/04/24 07:54:31.0590 5188 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/24 07:54:31.0652 5188 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/24 07:54:31.0689 5188 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/24 07:54:31.0712 5188 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/24 07:54:31.0764 5188 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/24 07:54:31.0807 5188 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/24 07:54:31.0838 5188 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/24 07:54:31.0877 5188 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/24 07:54:31.0916 5188 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/24 07:54:31.0952 5188 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/24 07:54:31.0981 5188 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/24 07:54:32.0023 5188 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/24 07:54:32.0049 5188 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/24 07:54:32.0104 5188 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/04/24 07:54:32.0167 5188 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/04/24 07:54:32.0227 5188 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/24 07:54:32.0273 5188 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
2011/04/24 07:54:32.0312 5188 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
2011/04/24 07:54:32.0356 5188 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
2011/04/24 07:54:32.0461 5188 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/24 07:54:32.0514 5188 RxFilter (6bc3fe66bfaa363468d95c56d6403ab2) C:\Windows\system32\DRIVERS\RxFilter.sys
2011/04/24 07:54:32.0586 5188 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/04/24 07:54:32.0617 5188 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/04/24 07:54:32.0737 5188 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/24 07:54:32.0796 5188 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/24 07:54:32.0857 5188 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
2011/04/24 07:54:32.0936 5188 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/24 07:54:32.0979 5188 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/24 07:54:33.0011 5188 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/24 07:54:33.0058 5188 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/24 07:54:33.0127 5188 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/04/24 07:54:33.0143 5188 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/24 07:54:33.0162 5188 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/24 07:54:33.0196 5188 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/24 07:54:33.0260 5188 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/24 07:54:33.0292 5188 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/24 07:54:33.0343 5188 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/24 07:54:33.0394 5188 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/24 07:54:33.0458 5188 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/04/24 07:54:33.0500 5188 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/24 07:54:33.0534 5188 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/24 07:54:33.0582 5188 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/24 07:54:33.0647 5188 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/04/24 07:54:33.0703 5188 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/04/24 07:54:33.0768 5188 SynTP (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/24 07:54:33.0883 5188 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/04/24 07:54:34.0000 5188 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/24 07:54:34.0064 5188 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/24 07:54:34.0110 5188 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/24 07:54:34.0133 5188 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/24 07:54:34.0179 5188 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/24 07:54:34.0221 5188 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/04/24 07:54:34.0295 5188 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/24 07:54:34.0370 5188 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/04/24 07:54:34.0462 5188 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/24 07:54:34.0514 5188 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/24 07:54:34.0570 5188 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/24 07:54:34.0637 5188 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/24 07:54:34.0697 5188 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/04/24 07:54:34.0730 5188 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/24 07:54:34.0781 5188 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2011/04/24 07:54:34.0817 5188 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
2011/04/24 07:54:34.0868 5188 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/04/24 07:54:34.0921 5188 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
2011/04/24 07:54:34.0960 5188 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/04/24 07:54:35.0003 5188 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/24 07:54:35.0241 5188 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/24 07:54:35.0315 5188 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
2011/04/24 07:54:35.0343 5188 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
2011/04/24 07:54:35.0395 5188 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/24 07:54:35.0441 5188 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/04/24 07:54:35.0498 5188 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/24 07:54:35.0526 5188 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/24 07:54:35.0563 5188 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/04/24 07:54:35.0596 5188 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/04/24 07:54:35.0623 5188 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/04/24 07:54:35.0681 5188 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/04/24 07:54:35.0715 5188 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/04/24 07:54:35.0781 5188 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/24 07:54:35.0823 5188 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/04/24 07:54:35.0871 5188 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/24 07:54:35.0942 5188 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/24 07:54:35.0967 5188 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/24 07:54:36.0043 5188 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/24 07:54:36.0082 5188 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/24 07:54:36.0175 5188 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/24 07:54:36.0205 5188 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/24 07:54:36.0309 5188 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/24 07:54:36.0401 5188 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/24 07:54:36.0527 5188 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/24 07:54:36.0605 5188 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/04/24 07:54:36.0642 5188 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/24 07:54:36.0725 5188 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
2011/04/24 07:54:36.0801 5188 ================================================================================
2011/04/24 07:54:36.0801 5188 Scan finished
2011/04/24 07:54:36.0801 5188 ================================================================================

Okay, let's see if we can remove the stubborn exe file

Please download ComboFix from one of these locations:

• Bleepingcomputer
  
• ForoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe

• Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Comfix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

here is combofix.txt.

now i can't start any programs without laptop saying illegal operation attempted on a registry key that has been marked for deletion

google chrome wouldn't start, but did when i clicked run as administrator



ComboFix 11-04-23.02 - Celia 24/04/2011 14:02:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2431 [GMT 1:00]
Running from: c:\users\Celia\Desktop\comfix.exe.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
PEV Error: ProfilesFile
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Celia\AppData\Local\{DAC0B752-1039-4B8A-A68E-D8781FE8AA6F}
c:\users\Celia\AppData\Local\{DAC0B752-1039-4B8A-A68E-D8781FE8AA6F}\chrome.manifest
c:\users\Celia\AppData\Local\{DAC0B752-1039-4B8A-A68E-D8781FE8AA6F}\chrome\content\_cfg.js
c:\users\Celia\AppData\Local\{DAC0B752-1039-4B8A-A68E-D8781FE8AA6F}\chrome\content\overlay.xul
c:\users\Celia\AppData\Local\{DAC0B752-1039-4B8A-A68E-D8781FE8AA6F}\install.rdf
c:\users\Celia\AppData\Roaming\Microsoft\Windows\Recent\AtoBsoft.com.url
c:\virtualmagnifyingglassportable\VirtualMagnifyingGlassPortable.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\SysWow64\logs
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))
.
.
2011-04-24 13:55 . 2011-04-24 13:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-19 13:34 . 2011-04-19 13:34 -------- d-----w- c:\users\Celia\AppData\Roaming\ParetoLogic
2011-04-19 13:34 . 2011-04-19 13:34 -------- d-----w- c:\users\Celia\AppData\Roaming\DriverCure
2011-04-19 13:34 . 2011-04-19 13:44 -------- d-----w- c:\programdata\ParetoLogic
2011-04-17 10:37 . 2011-04-17 10:37 -------- d-----w- c:\windows\system32\SPReview
2011-04-17 10:36 . 2011-04-17 10:36 -------- d-----w- c:\windows\system32\EventProviders
2011-04-16 22:23 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-16 22:23 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-04-16 22:23 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-04-16 22:23 . 2010-11-20 13:33 5563776 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-16 22:23 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-04-16 22:23 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2011-04-16 22:23 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-04-16 22:23 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2011-04-16 22:23 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-16 22:23 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-04-16 22:21 . 2010-11-20 13:27 1098240 ----a-w- c:\windows\system32\Vault.dll
2011-04-16 22:20 . 2010-11-20 12:21 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2011-04-16 22:19 . 2010-11-20 13:27 358400 ----a-w- c:\windows\system32\wmpdxm.dll
2011-04-16 22:18 . 2010-11-20 13:27 13824 ----a-w- c:\windows\system32\wshirda.dll
2011-04-16 22:17 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-04-16 22:17 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-04-16 22:17 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-04-16 22:17 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-04-16 22:12 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-16 22:12 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-16 22:12 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-16 22:12 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-16 22:11 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-16 22:10 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-16 22:10 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-16 21:29 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-16 21:29 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-16 06:55 . 2011-04-16 06:55 -------- d-----w- c:\program files (x86)\ESET
2011-04-14 14:46 . 2011-04-14 14:46 -------- d-----w- c:\users\Celia\AppData\Roaming\SUPERAntiSpyware.com
2011-04-14 14:46 . 2011-04-14 14:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-14 14:46 . 2011-04-14 14:46 -------- d-----w- c:\programdata\!SASCORE
2011-04-14 14:46 . 2011-04-24 12:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-14 14:45 . 2011-04-15 05:55 -------- d-----w- c:\program files (x86)\SpywareGuard
2011-04-14 14:45 . 2011-04-14 14:45 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-04-14 14:42 . 2011-04-14 14:42 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-04-13 18:11 . 2011-04-13 18:11 -------- d-----w- c:\users\Celia\AppData\Local\Safe mirror
2011-04-13 18:07 . 2011-04-16 22:03 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2011-04-13 07:33 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-13 07:33 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-13 07:33 . 2011-03-03 03:52 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 07:33 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-13 07:33 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-04-13 07:33 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-04-13 07:33 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-04-13 07:33 . 2011-02-23 04:56 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-13 07:33 . 2011-02-23 04:56 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-12 20:38 . 2011-04-12 20:38 123392 --sha-r- c:\windows\SysWow64\msxml3av.dll
2011-04-12 19:18 . 2011-04-13 10:02 -------- d-----w- c:\users\Celia\AppData\Roaming\XWindows Dock
2011-04-12 19:18 . 2011-04-13 10:03 -------- d-----w- c:\program files (x86)\XWindows Dock
2011-04-12 07:31 . 2011-04-12 08:53 -------- d-----w- c:\users\Celia\AppData\Roaming\App Launcher Gadget
2011-04-11 12:40 . 2011-04-11 12:40 -------- d-----w- c:\users\Celia\AppData\Local\DVDVideoSoft_Ltd
2011-04-09 20:57 . 2011-02-23 13:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-09 20:57 . 2011-02-23 13:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-09 20:56 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-09 20:56 . 2011-02-23 13:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-09 20:56 . 2011-02-23 13:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-09 20:56 . 2011-02-23 13:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-09 20:56 . 2011-02-23 14:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-09 20:55 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-09 20:55 . 2011-02-23 14:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-04-09 20:55 . 2011-04-09 20:55 -------- d-----w- c:\programdata\AVAST Software
2011-04-09 20:55 . 2011-04-09 20:55 -------- d-----w- c:\program files\AVAST Software
2011-04-09 12:39 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4FF703C-418F-4A19-9808-C3D2C475E76B}\mpengine.dll
2011-04-03 19:23 . 2011-04-05 20:19 -------- d-----w- c:\users\Celia\AppData\Local\Conduit
2011-03-31 05:03 . 2011-03-31 05:03 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-6\markup.dll
2011-03-27 19:51 . 2011-03-27 19:51 -------- d-----w- c:\program files (x86)\EfficientPIM
2011-03-27 19:35 . 2011-04-13 10:02 -------- d-----w- c:\users\Celia\AppData\Roaming\EfficientPIM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-17 10:47 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-17 10:47 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-04 18:59 . 2009-12-23 06:57 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-04 18:59 . 2010-05-20 04:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-31 05:03 . 2010-05-25 04:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-29 04:42 . 2009-12-25 10:39 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-15 22:37 . 2011-03-15 22:37 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-15 22:37 . 2011-03-15 22:37 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-15 22:37 . 2011-03-15 22:37 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-15 22:37 . 2011-03-15 22:37 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-15 22:37 . 2011-03-15 22:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-15 22:37 . 2011-03-15 22:37 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-15 22:37 . 2011-03-15 22:37 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-15 22:37 . 2011-03-15 22:37 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-15 22:37 . 2011-03-15 22:37 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-15 22:37 . 2011-03-15 22:37 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-15 22:37 . 2011-03-15 22:37 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-15 22:37 . 2011-03-15 22:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-15 22:37 . 2011-03-15 22:37 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-15 22:37 . 2011-03-15 22:37 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-15 22:37 . 2011-03-15 22:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-15 22:37 . 2011-03-15 22:37 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-15 22:37 . 2011-03-15 22:37 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-15 22:37 . 2011-03-15 22:37 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-15 22:37 . 2011-03-15 22:37 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-15 22:37 . 2011-03-15 22:37 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-15 22:37 . 2011-03-15 22:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-15 22:37 . 2011-03-15 22:37 448512 ----a-w- c:\windows\system32\html.iec
2011-03-15 22:37 . 2011-03-15 22:37 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-15 22:37 . 2011-03-15 22:37 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-15 22:37 . 2011-03-15 22:37 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-15 22:37 . 2011-03-15 22:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-15 22:37 . 2011-03-15 22:37 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-15 22:37 . 2011-03-15 22:37 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-15 22:37 . 2011-03-15 22:37 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-15 22:37 . 2011-03-15 22:37 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-15 22:37 . 2011-03-15 22:37 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-15 22:37 . 2011-03-15 22:37 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 22:37 . 2011-03-15 22:37 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-15 22:37 . 2011-03-15 22:37 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-15 22:37 . 2011-03-15 22:37 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-15 22:37 . 2011-03-15 22:37 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-15 22:37 . 2011-03-15 22:37 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-15 22:37 . 2011-03-15 22:37 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-15 22:37 . 2011-03-15 22:37 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-15 22:37 . 2011-03-15 22:37 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-14 21:11 . 2009-12-23 06:56 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-11 10:54 . 2011-03-11 10:54 61440 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Pet_Diabetes_Melli_685032BACB814DF298AC8C8334E23C82.exe
2011-03-11 10:54 . 2011-03-11 10:54 61440 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Pet_Diabetes_Melli_2DA2FE4FD37B41B8A6D3B7E936F31C71_3.exe
2011-03-11 10:54 . 2011-03-11 10:54 61440 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Pet_Diabetes_Melli_2DA2FE4FD37B41B8A6D3B7E936F31C71_2.exe
2011-03-11 10:54 . 2011-03-11 10:54 53248 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\ARPPRODUCTICON.exe
2011-03-11 10:54 . 2011-03-11 10:54 49152 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\UNINST_Uninstall_C_2DA2FE4FD37B41B8A6D3B7E936F31C71.exe
2011-03-11 10:54 . 2011-03-11 10:54 40960 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Nurse_Training_Mod_2DA2FE4FD37B41B8A6D3B7E936F31C71_1.exe
2011-03-11 10:54 . 2011-03-11 10:54 40960 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Nurse_Training_Mod_2DA2FE4FD37B41B8A6D3B7E936F31C71.exe
2011-03-09 19:28 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 15:20 . 2011-03-01 15:20 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2011-02-19 12:05 . 2011-03-09 19:35 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 19:35 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 19:35 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 19:35 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 19:35 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 06:45 . 2010-01-09 09:16 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-02-02 21:40 . 2011-01-29 21:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 18:11 . 2009-11-10 17:35 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 06:52 . 2011-02-01 06:48 1812 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2003-01-31 03:43 . 2003-01-20 12:07 6065152 ----a-w- c:\program files\Mystical.exe
2003-01-30 18:20 . 2003-01-20 12:07 1396736 ----a-w- c:\program files\Mystical_PlugIn.8bf
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2010-02-22 11:05 2353176 ----a-w- c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 10:06 2355224 ----a-w- c:\program files (x86)\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AquaSnap"="c:\program files (x86)\AquaSnap\AquaSnap.Daemon.exe" [2011-01-21 875008]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-07-16 165104]
.
c:\users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EfficientPIM.lnk - c:\program files (x86)\EfficientPIM\EfficientPIM.exe [2011-3-27 10269184]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-1 1207312]
SpywareGuard.lnk - c:\program files (x86)\SpywareGuard\sgmain.exe [2003-8-29 360448]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2011-4-12 3450608]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-14 1038088]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/10 18:42];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-06-24 20:19 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-02-16 101048]
S2 nlsInterface;Nalpeiron Licensing Service 64-bit;c:\windows\system32\nlsInterface.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-07-16 648432]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064428315-3169972226-4278539030-1000Core.job
- c:\users\Celia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 21:16]
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064428315-3169972226-4278539030-1000UA.job
- c:\users\Celia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 21:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\comfix.exe\CF18784.cfxxe" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Celia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Celia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\0ae690fl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
BHO-{6BFBC258-01EC-4d21-9E73-085E2F73EFDD} - c:\program files (x86)\Cashback Alerter\CA.dll
Wow6432Node-HKLM-Run-EfficientPIM - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
WebBrowser-{77F40091-495B-4C46-9068-2B24C4133157} - (no file)
AddRemove-3D Maker by Lokas Software - c:\windows\AWuninstall.exe Software\Lokas Ltd\3D Maker
AddRemove-3D Shadow by Lokas Software - c:\windows\AWuninstall.exe Software\Lokas Ltd\3D Shadow
AddRemove-3DBoxMaker_is1 - c:\program files (x86)\3DBoxMaker\UninsHs.exe
AddRemove-Jabber_is1 - c:\program files (x86)\FreeGamePick.com\Jabber\unins000.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
AddRemove-{4AFC0F3B-0678-44F5-A70C-FACE61310F27} - c:\program files (x86)\AKVIS\Enhancer\Uninstall.exe
AddRemove-{4C4F2C25-3D14-46C5-8D0D-BCD202AD5D9B} - c:\program files (x86)\AKVIS\Coloriage\Uninstall.exe
AddRemove-{8466123B-2CBE-4809-8FAF-94D1F76BC4FE} - c:\program files (x86)\AKVIS\Chameleon\Uninstall.exe
AddRemove-{A703B28C-1258-4FC3-BBB2-90513947E9FA} - c:\program files (x86)\AKVIS\Stamp\Uninstall.exe
AddRemove-{D77DBB31-D3EB-4405-8785-488CA60ECE46} - c:\program files (x86)\AKVIS\Retoucher\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1064428315-3169972226-4278539030-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2192771D-1953-0D6E-6619-52F06807C86B}*]
"haipcanaofgcioeo"=hex:61,61,00,00
"jaipcanaofgcioeoejpb"=hex:63,61,6a,66,69,6f,00,00
"paaieopkbhfghhndobfjffongnnkkapo"=hex:63,61,6e,67,70,6a,00,00
.
[HKEY_USERS\S-1-5-21-1064428315-3169972226-4278539030-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{82AB0E1D-BD0B-73FC-FF57-15F6B62ECB1E}*]
"haompmaejmkdjdne"=hex:6b,61,64,69,6b,61,6b,6c,69,63,6d,6b,66,6c,6c,67,67,67,
62,66,6e,61,00,00
"gahkkjcjmbobje"=hex:61,63,6e,68,69,61,61,65,6a,6e,70,61,6e,6e,6b,67,6b,69,6c,
66,6f,65,67,6a,6e,67,6b,68,6d,67,66,69,64,6a,6c,68,6f,6c,6b,6b,69,6c,68,6c,\
"iaancdpeaaihoionbk"=hex:6b,61,64,69,66,62,62,6f,66,68,62,6a,63,6d,6b,64,6b,6f,
61,66,66,66,00,00
.
[HKEY_USERS\S-1-5-21-1064428315-3169972226-4278539030-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F154B28E-0E86-6167-C6CA-1EA4E61D1DCD}*]
"hanoaogonhbhgnij"=hex:6e,62,6f,66,66,61,66,65,61,67,65,6c,63,66,6d,63,64,67,
6d,70,68,6a,65,62,6e,6c,70,68,67,62,6f,68,6c,69,6a,6d,61,6a,6f,6b,63,6b,67,\
"janoaogonhbhgnijdfde"=hex:66,61,6f,66,68,6e,62,63,6b,66,66,6d,00,00
"pafapabimgnbdjhpmflkbfiehlpeabpi"=hex:63,61,67,66,63,70,00,63
"pafapabimgnbdjhpmflkbfiehlpeabkj"=hex:65,61,6f,66,67,6e,65,64,69,61,00,6d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Panasonic\Phoebe5\Settings\Device]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASTSRV.EXE
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Kontiki\KService.exe
c:\windows\SysWOW64\nlssrv32.exe
c:\windows\SysWOW64\PSIService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
.
**************************************************************************
.
Completion time: 2011-04-24 15:23:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-24 14:22
.
Pre-Run: 201,034,698,752 bytes free
Post-Run: 200,807,964,672 bytes free
.
- - End Of File - - 2DC8E4ACB776C3FB3E7909C3ADB5328E

Reboot your machine

hi - thank you

i can now use programs again, but situation is still the same with the windows security centre not being able to start.

rgds

Let's make sure you're clean first.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

Quote

Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)




Refering to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

ComboFix 11-04-23.02 - Celia 24/04/2011 16:37:08.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2602 [GMT 1:00]
Running from: c:\users\Celia\Desktop\comfix.exe.exe
Command switches used :: c:\users\Celia\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-24 to 2011-04-24 )))))))))))))))))))))))))))))))
.
.
2011-04-24 15:45 . 2011-04-24 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-19 13:34 . 2011-04-19 13:34 -------- d-----w- c:\users\Celia\AppData\Roaming\ParetoLogic
2011-04-19 13:34 . 2011-04-19 13:34 -------- d-----w- c:\users\Celia\AppData\Roaming\DriverCure
2011-04-19 13:34 . 2011-04-19 13:44 -------- d-----w- c:\programdata\ParetoLogic
2011-04-17 10:37 . 2011-04-17 10:37 -------- d-----w- c:\windows\system32\SPReview
2011-04-17 10:36 . 2011-04-17 10:36 -------- d-----w- c:\windows\system32\EventProviders
2011-04-16 22:23 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-16 22:23 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-04-16 22:23 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-04-16 22:23 . 2010-11-20 13:33 5563776 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-16 22:23 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-04-16 22:23 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
2011-04-16 22:23 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-04-16 22:23 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2011-04-16 22:23 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
2011-04-16 22:23 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-04-16 22:21 . 2010-11-20 13:27 1098240 ----a-w- c:\windows\system32\Vault.dll
2011-04-16 22:20 . 2010-11-20 12:21 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2011-04-16 22:19 . 2010-11-20 13:27 358400 ----a-w- c:\windows\system32\wmpdxm.dll
2011-04-16 22:18 . 2010-11-20 13:27 13824 ----a-w- c:\windows\system32\wshirda.dll
2011-04-16 22:17 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-04-16 22:17 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-04-16 22:17 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-04-16 22:17 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-04-16 22:12 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-16 22:12 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-16 22:12 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-16 22:12 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-16 22:11 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-16 22:10 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-16 22:10 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-16 21:29 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-16 21:29 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-04-16 06:55 . 2011-04-16 06:55 -------- d-----w- c:\program files (x86)\ESET
2011-04-14 14:46 . 2011-04-14 14:46 -------- d-----w- c:\users\Celia\AppData\Roaming\SUPERAntiSpyware.com
2011-04-14 14:46 . 2011-04-14 14:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-14 14:46 . 2011-04-14 14:46 -------- d-----w- c:\programdata\!SASCORE
2011-04-14 14:46 . 2011-04-24 12:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-14 14:45 . 2011-04-15 05:55 -------- d-----w- c:\program files (x86)\SpywareGuard
2011-04-14 14:45 . 2011-04-14 14:45 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-04-14 14:42 . 2011-04-14 14:42 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-04-13 18:11 . 2011-04-13 18:11 -------- d-----w- c:\users\Celia\AppData\Local\Safe mirror
2011-04-13 18:07 . 2011-04-16 22:03 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2011-04-13 07:33 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-13 07:33 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-13 07:33 . 2011-03-03 03:52 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 07:33 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-13 07:33 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-04-13 07:33 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-04-13 07:33 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-04-13 07:33 . 2011-02-23 04:56 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-13 07:33 . 2011-02-23 04:56 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-12 20:38 . 2011-04-12 20:38 123392 --sha-r- c:\windows\SysWow64\msxml3av.dll
2011-04-12 19:18 . 2011-04-13 10:02 -------- d-----w- c:\users\Celia\AppData\Roaming\XWindows Dock
2011-04-12 19:18 . 2011-04-13 10:03 -------- d-----w- c:\program files (x86)\XWindows Dock
2011-04-12 07:31 . 2011-04-12 08:53 -------- d-----w- c:\users\Celia\AppData\Roaming\App Launcher Gadget
2011-04-11 12:40 . 2011-04-11 12:40 -------- d-----w- c:\users\Celia\AppData\Local\DVDVideoSoft_Ltd
2011-04-09 20:57 . 2011-02-23 13:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-09 20:57 . 2011-02-23 13:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-09 20:56 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-09 20:56 . 2011-02-23 13:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-09 20:56 . 2011-02-23 13:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-09 20:56 . 2011-02-23 13:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-09 20:56 . 2011-02-23 14:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-09 20:55 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-09 20:55 . 2011-02-23 14:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-04-09 20:55 . 2011-04-09 20:55 -------- d-----w- c:\programdata\AVAST Software
2011-04-09 20:55 . 2011-04-09 20:55 -------- d-----w- c:\program files\AVAST Software
2011-04-09 12:39 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4FF703C-418F-4A19-9808-C3D2C475E76B}\mpengine.dll
2011-04-03 19:23 . 2011-04-05 20:19 -------- d-----w- c:\users\Celia\AppData\Local\Conduit
2011-03-31 05:03 . 2011-03-31 05:03 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-6\markup.dll
2011-03-27 19:51 . 2011-03-27 19:51 -------- d-----w- c:\program files (x86)\EfficientPIM
2011-03-27 19:35 . 2011-04-13 10:02 -------- d-----w- c:\users\Celia\AppData\Roaming\EfficientPIM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-17 10:47 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-17 10:47 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-04 18:59 . 2009-12-23 06:57 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-04 18:59 . 2010-05-20 04:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-31 05:03 . 2010-05-25 04:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-29 04:42 . 2009-12-25 10:39 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-15 22:37 . 2011-03-15 22:37 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-15 22:37 . 2011-03-15 22:37 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-15 22:37 . 2011-03-15 22:37 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-15 22:37 . 2011-03-15 22:37 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-15 22:37 . 2011-03-15 22:37 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-15 22:37 . 2011-03-15 22:37 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-15 22:37 . 2011-03-15 22:37 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-15 22:37 . 2011-03-15 22:37 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-15 22:37 . 2011-03-15 22:37 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-15 22:37 . 2011-03-15 22:37 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-15 22:37 . 2011-03-15 22:37 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-15 22:37 . 2011-03-15 22:37 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-15 22:37 . 2011-03-15 22:37 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-15 22:37 . 2011-03-15 22:37 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-15 22:37 . 2011-03-15 22:37 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-15 22:37 . 2011-03-15 22:37 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-15 22:37 . 2011-03-15 22:37 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-15 22:37 . 2011-03-15 22:37 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-15 22:37 . 2011-03-15 22:37 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-15 22:37 . 2011-03-15 22:37 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-15 22:37 . 2011-03-15 22:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-15 22:37 . 2011-03-15 22:37 448512 ----a-w- c:\windows\system32\html.iec
2011-03-15 22:37 . 2011-03-15 22:37 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-15 22:37 . 2011-03-15 22:37 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-15 22:37 . 2011-03-15 22:37 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-15 22:37 . 2011-03-15 22:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-15 22:37 . 2011-03-15 22:37 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-15 22:37 . 2011-03-15 22:37 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-15 22:37 . 2011-03-15 22:37 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-15 22:37 . 2011-03-15 22:37 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-15 22:37 . 2011-03-15 22:37 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-15 22:37 . 2011-03-15 22:37 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 22:37 . 2011-03-15 22:37 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-15 22:37 . 2011-03-15 22:37 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-15 22:37 . 2011-03-15 22:37 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-15 22:37 . 2011-03-15 22:37 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-15 22:37 . 2011-03-15 22:37 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-15 22:37 . 2011-03-15 22:37 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-15 22:37 . 2011-03-15 22:37 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-15 22:37 . 2011-03-15 22:37 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-14 21:11 . 2009-12-23 06:56 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-11 10:54 . 2011-03-11 10:54 61440 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Pet_Diabetes_Melli_685032BACB814DF298AC8C8334E23C82.exe
2011-03-11 10:54 . 2011-03-11 10:54 61440 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Pet_Diabetes_Melli_2DA2FE4FD37B41B8A6D3B7E936F31C71_3.exe
2011-03-11 10:54 . 2011-03-11 10:54 61440 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Pet_Diabetes_Melli_2DA2FE4FD37B41B8A6D3B7E936F31C71_2.exe
2011-03-11 10:54 . 2011-03-11 10:54 53248 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\ARPPRODUCTICON.exe
2011-03-11 10:54 . 2011-03-11 10:54 49152 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\UNINST_Uninstall_C_2DA2FE4FD37B41B8A6D3B7E936F31C71.exe
2011-03-11 10:54 . 2011-03-11 10:54 40960 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Nurse_Training_Mod_2DA2FE4FD37B41B8A6D3B7E936F31C71_1.exe
2011-03-11 10:54 . 2011-03-11 10:54 40960 ----a-r- c:\users\Celia\AppData\Roaming\Microsoft\Installer\{2DA2FE4F-D37B-41B8-A6D3-B7E936F31C71}\Nurse_Training_Mod_2DA2FE4FD37B41B8A6D3B7E936F31C71.exe
2011-03-09 19:28 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-01 15:20 . 2011-03-01 15:20 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-7\markup.dll
2011-02-19 12:05 . 2011-03-09 19:35 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 19:35 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 19:35 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-09 19:35 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 19:35 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 06:45 . 2010-01-09 09:16 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-02-02 21:40 . 2011-01-29 21:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-02 18:11 . 2009-11-10 17:35 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 06:52 . 2011-02-01 06:48 1812 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2003-01-31 03:43 . 2003-01-20 12:07 6065152 ----a-w- c:\program files\Mystical.exe
2003-01-30 18:20 . 2003-01-20 12:07 1396736 ----a-w- c:\program files\Mystical_PlugIn.8bf
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-24_14.00.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-04-24 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-24 13:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-24 15:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-24 13:59 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-24 15:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-24 13:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-10 19:13 . 2011-04-24 15:09 95928 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-24 14:01 51204 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-24 15:09 51204 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-10 18:55 . 2011-04-24 15:09 31624 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1064428315-3169972226-4278539030-1000_UserData.bin
- 2009-11-10 18:52 . 2011-04-24 13:58 11201 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2009-11-10 18:52 . 2011-04-24 15:05 11201 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-04-24 13:59 . 2011-04-24 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-24 15:06 . 2011-04-24 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-24 15:06 . 2011-04-24 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-24 13:59 . 2011-04-24 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-04-24 12:59 646678 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-24 15:12 646678 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-24 15:12 121066 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-04-24 12:59 121066 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-04-24 13:58 653244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-24 15:05 653244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6BFBC258-01EC-4d21-9E73-085E2F73EFDD}]
c:\program files (x86)\Cashback Alerter\CA.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77f40091-495b-4c46-9068-2b24c4133157}]
2010-02-22 11:05 2353176 ----a-w- c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 16:28 1174920 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 10:06 2355224 ----a-w- c:\program files (x86)\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
"{77f40091-495b-4c46-9068-2b24c4133157}"= "c:\program files (x86)\Messenger_Plus_Live_UK\tbMess.dll" [2010-02-22 2353176]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{77f40091-495b-4c46-9068-2b24c4133157}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AquaSnap"="c:\program files (x86)\AquaSnap\AquaSnap.Daemon.exe" [2011-01-21 875008]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-07-16 165104]
.
c:\users\Celia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EfficientPIM.lnk - c:\program files (x86)\EfficientPIM\EfficientPIM.exe [2011-3-27 10269184]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-1 1207312]
SpywareGuard.lnk - c:\program files (x86)\SpywareGuard\sgmain.exe [2003-8-29 360448]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2011-4-12 3450608]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-14 1038088]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/10 18:42];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-06-24 20:19 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-02-16 101048]
S2 nlsInterface;Nalpeiron Licensing Service 64-bit;c:\windows\system32\nlsInterface.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-07-16 648432]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [x]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064428315-3169972226-4278539030-1000Core.job
- c:\users\Celia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 21:16]
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064428315-3169972226-4278539030-1000UA.job
- c:\users\Celia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-06 21:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Celia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Celia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Celia\AppData\Roaming\Mozilla\Firefox\Profiles\0ae690fl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
WebBrowser-{77F40091-495B-4C46-9068-2B24C4133157} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Panasonic\Phoebe5\Settings\Device]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-24 16:48:30
ComboFix-quarantined-files.txt 2011-04-24 15:48
ComboFix2.txt 2011-04-24 14:23
.
Pre-Run: 200,788,951,040 bytes free
Post-Run: 200,727,695,360 bytes free
.
- - End Of File - - 3C89EC5EEC4A4DF55A5206C7564895B8

Next we can find any infected files or other rubbish

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check and check Remove found threats
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

If no log is generated that means nothing was found. Please let me know if this happens.

C:\Users\Celia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-1aaf6c7e multiple threats deleted - quarantined
C:\Users\Celia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\56e5934d-313e6b2f a variant of Java/Agent.A trojan deleted - quarantined
C:\Users\Celia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4d9c5e4e-2978245b multiple threats deleted - quarantined
C:\Users\Celia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-2b36502f multiple threats deleted - quarantined
C:\Users\Celia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-1c59933b multiple threats deleted - quarantined
C:\Users\Celia\Celias other programs\Get rid of objects\inpaint\Inpaint.exe probably a variant of Win32/HackTool.Patcher.A application deleted - quarantined
C:\Users\Celia\Downloads\Downloaded Programs\Not tried\Activate Office 2007\activate.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
C:\Users\Celia\Downloads\Downloaded Programs\Portable Apps\Portable_Teo_rex_I_npaint_2.4.1.rar probably a variant of Win32/HackTool.Patcher.A application deleted - quarantined

HackTool sometimes uses a backdoor which means that it may steal information

Since your system may have been hacked, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach and you should file a report with yoour local law enforcement agency. Failure to notify your financial institution and local law enforcement can result in the bank refusing to reimburse funds if any were stolen. For more detailed instructions as to what you should do, please read:

• Identity Theft Victims Guide - What to do
  
• How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
  
• What Should I Do If I've Become A Victim Of Identity Theft?

The good news is that should be the last of the malware. How is the machine running?

thank you

this may seem a stupid question, but i have been on 3 sites to put a fraud alert on and all ask for details as if i lived in USA, i.e. zip code, etc.
i have now joined equifax.

machine seems to be running ok for internet and files, running programs, etc., but a few things not working:

windows security centre - not working
printing - every time i request something to print it says printer not responding!
bluetooth - i can't send or receive anything. laptop can't find any bluetooth device and when trying to send
from mobile says service not supported by other device!
also, have superantispyware installed - tried to uninstall it - says can't read uninstall info - should i worry?

This post has been edited by digiscrapi: 26 April 2011 - 02:55 AM